Login Sign Up

CVE-2017-17607

9.8 CRITICAL
SQL Injection

📋 TL;DR

CMS Auditor Website 1.0 contains a SQL injection vulnerability in the news-detail page via PATH_INFO parameter. Attackers can execute arbitrary SQL commands to steal, modify, or delete database content. All installations of CMS Auditor Website 1.0 are affected.

💻 Affected Systems

Products:
  • CMS Auditor Website
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation. Requires web server with PHP and database backend (typically MySQL).

📦 What is this software?

Cms Auditor Website by Cms Auditor Website Project

View all CVEs affecting Cms Auditor Website →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution if database functions allow it.

🟠

Likely Case

Database information disclosure, authentication bypass, and privilege escalation leading to unauthorized access to sensitive data.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only read-only access to non-sensitive data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts available. Exploitation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative CMS or implementing custom fixes.

🔧 Temporary Workarounds

Input Validation Filter

all

Add parameterized queries or input validation for PATH_INFO parameter in news-detail.php

Modify news-detail.php to use prepared statements: $stmt = $pdo->prepare('SELECT * FROM news WHERE id = ?'); $stmt->execute([$id]);

WAF Rule

all

Implement web application firewall rules to block SQL injection patterns in PATH_INFO

Add WAF rule: SecRule REQUEST_URI "@rx (?i)(union|select|insert|update|delete|drop|create|alter).*" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

  • Isolate the system behind a reverse proxy with strict input filtering
  • Implement network segmentation and restrict database access to minimum required sources

🔍 How to Verify

Check if Vulnerable:

Test with SQL injection payload in PATH_INFO: /news-detail/1' OR '1'='1

Check Version:

Check CMS version in admin panel or readme files

Verify Fix Applied:

Test with same payload and verify no SQL errors or unexpected data returned

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in web server logs
  • Unusual database queries from web application
  • Multiple failed parameter requests to news-detail

Network Indicators:

  • SQL keywords in URL parameters
  • Unusual database port traffic from web server

SIEM Query:

source="web.log" AND ("union select" OR "sleep(" OR "benchmark(" OR "waitfor delay") AND uri="*news-detail*"

📊 Metadata

CVE ID: CVE-2017-17607
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-89
Published: December 13, 2017
Last Updated: April 20, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-17607, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)